Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
Access-Control-Allow-Headers
X-Request-Id
Access-Control-Allow-Methods
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Xss-Protection
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Request-ID
Content-Security-Policy-Report-Only
X-Cache-Status
X-Generator
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-Buckets
X-FRAME-OPTIONS
X-Content-Security-Policy
Upgrade
Xkey
X-CDN
X-Turbo-Charged-By
X-Kinja-Server-Push
Keep-Alive
Access-Control-Expose-Headers
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-AH-Environment
X-Drupal-Dynamic-Cache
X-Age
X-Ua-Compatible
X-Pingback
X-Server
X-Via
X-Proxy-Cache
Grace
X-Amz-Request-Id
X-Amz-Id-2
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
Cf-Railgun
P3p
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-WebKit-CSP
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
X-OneAgent-JS-Injection
X-Device
Ali-Swift-Global-Savetime
Server-Timing
Allow
X-Ac
X-Rq
X-Node
X-Host
Content-Location
X-Server-Id
X-CST
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-Backend-Server
X-Cloud-Trace-Context
Surrogate-Control
EagleEye-TraceId
X-Application-Context
X-Type
X-Iejgwucgyu
X-ORACLE-DMS-ECID
X-Url
X-Readtime
Request-Id
X-Origin-Cache
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
NEL
Rating
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Instart-Request-ID
X-Ruxit-JS-Agent
X-Vhost
X-DynaTrace
X-Mod-Pagespeed
Pinterest-Generated-By
X-Origin-Upstream-Status
X-DataDome
X-Px
Edge-Control
X-Goog-Hash
X-Upstream-Env
Verso
X-HW
X-Server-Name
Accept-CH
X-ESI
X-Dispatcher
X-ORACLE-DMS-RID
MS-Author-Via
X-VARITI-CCR
AR-CACHE
AR-ATIME
AR-PoweredBy
X-GitHub-Request-Id
X-MS-InvokeApp
PB-RID
X-Mobile-Rewrite
PB-PID
Arc-Version
X-Cdn-Fetch
X-Kinja-Server
X-Kinja-Build
X-GoogleNews-Bot
X-Exp-Id
X-Exp-Variant
X-Kinja
X-Kinja-Revision
X-Use-Magma
X-DataStream-Cache-Status
X-Cached
X-TTL
Charset
X-Version
Content-MD5
X-Powered-By-Plesk
Public-Key-Pins
X-Recruiting
Service-Worker-Allowed
AR-Request-ID
Accept-CH-Lifetime
Ar-Sid
RTSS
X-Abt-Application-Version
X-Navigation-Version
X-D2id
X-PC
X-Vname
X-TtlSet
X-Ser
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Amz-Server-Side-Encryption
X-Server-ID
X-Vcap-Request-Id
X-Varnish-TTL
X-Trace
X-Forwarded-Proto
X-Client-IP
SPRequestGuid
X-DynaTrace-JS-Agent
Nginx-Cache
X-FTR-Backend
X-FTR-Backend-Server
X-Country-Code-Real
X-FTR-Realm
X-FTR-Balancer
X-FTR-DC
X-FTR-Cache-Status
X-Goog-Generation
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Stored-Content-Length
X-FTR-Expires
X-Amz-Rid
X-VCache
S
X-Fastly-Request-ID
X-SharePointHealthScore
X-Amz-Meta-S3cmd-Attrs
X-XRDS-Location
X-Cdn
X-Debug
DynaTrace
TCN
Arr-Disable-Session-Affinity
X-Hits
X-TEC-API-VERSION
X-Shield-Request-Id
X-TEC-API-ROOT
X-TEC-API-ORIGIN
X-Dw-Request-Base-Id
X-Upstream-Proxy
X-Akam-SW-Version
SPRequestDuration
SPIisLatency
X-Pinterest-Rid
Pinterest-Version
X-B3-TraceId
Access-Control-Request-Method
X-Powered-CMS
X-T
X-FTR-Cache-Host
X-Goog-Storage-Class
X-Oracle-Dms-Rid
Front-End-Https
X-SERVER
Realpath
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
X-Id
X-Amzn-Trace-Id
Tracecode
X-Aspnet-Version
Fastcgi-Cache
X-N
X-Content-Type
X-Varnish-Age
Paypal-Debug-Id
X-Forwarded-For
X-Upstream
X-Dns-Prefetch-Control
X-Fastcgi-Cache
X-Mrf-Item-Lastmod
Mrf-Cache-Status
X-Mrf-Section-Lastmod
X-B3-TraceId-Primal
MRF-Tech
X-Ttl
Alternate-Protocol
X-Frontend
X-RateLimit-Remaining
X-Logged-In
X-PressLabs-Stats
X-HS-Content-Id
X-HS-Hub-Id
X-Content-Digest
Fusion-Component-Id
Fusion-Content-Id
Fusion-Source
Fusion-Template-Id
Fusion-Content-Source
Display
X-Middleton-Display
X-Hostname
AMP-Access-Control-Allow-Source-Origin
X-Sol
Response
X-Middleton-Response
X-Litespeed-Cache
X-Srv
X-Accel-Expires
X-Pad
X-Cache-Key
X-Webkit-CSP
MicrosoftSharePointTeamServices
Host
X-Kinsta-Cache
Server-Name
X-Correlation-Id
X-Analytics
X-DataStream-MidMile-RTT
X-DataStream-Origin-MEX-Latency
Backend-Timing
X-Content-Options
X-User-Agent
X-Debug-Info
X-Revision
X-LB-Cache
X-B3-Traceid
X-Rid
X-Activity-Id
X-AppVersion
X-Accel-Buffering
X-Az
Accept-Charset
X-B3-Sampled
X-Amz-Apigw-Id
X-Cache-Hit
X-IPLB-Instance
X-Cache-2
X-Amzn-RequestId
Refresh
FilterID
Surrogate-Key
X-B
Powered-By-ChinaCache
ServerID
X-DIS-Request-ID
X-CF-Powered-By
X-Grace
X-Whom
X-Page-Id
Server-Info
TP-Cache
TP-L2-Cache
X-Request-Received
MS-CV
X-Request-Processing-Time
Host-Header
X-PHP-Backend
Cache-Status
X-Content-Security-Policy-Report-Only
VIX-Pulpo-Upstream-Status
X-Origin-Server
X-Kong-Upstream-Latency
VIX-Pulpo-Node
X-Amz-Replication-Status
X-TT
X-Kong-Proxy-Latency
X-Varnish-Backend
X-F-Cache
X-Framework
X-App-Environment
X-Cache-Action
X-Akamai-Edgescape
X-UA-Device-Type
X-Cached-By
Source
X-Platform-Server
X-Cluster
Access-Control-Allow-Method
X-Tumblr-Pixel
X-Tumblr-Pixel-0
X-Mobile
X-Tumblr-User
X-FW-Server
X-FW-Static
X-FW-Type
X-Content-Powered-By
X-FW-Serve
X-FW-Hash
X-Drupal-Cache-Tags
X-Instance
X-Ruxit-Js-Agent
X-Varnish-Grace
X-FB-Debug
X-Zen-Fury
X-SS-Set-Cookie
X-Geo-Country
X-Request-Guid
X-RateLimit-Limit
X-Forwarded-Host
X-GUploader-UploadID
X-Shard
X-Handled-By
X-Ezoic-Cdn
X-Cache-TTL
X-Magnolia-Registration
X-FastCGI-Cache
Edge-Cache-Tag
From-Origin
X-Node-Name
X-ATG-Version
X-Varnish-Hostname
PageSpeed
X-Cache-Age
Cache-Tags
X-Varnish-Server
DC
X-BCube-Filmed-By
X-App-Server
Cleartype
X-AOL-HN
X-Cache-Control
Healthy
Upgrade-Insecure-Requests
Fastly-Restarts
Payment
X-Cache-Rule
X-Generated-By
Filters
X-Region
Server-Node
X-RequestSource
X-WebKit-CSP-Report-Only
X-Response-Served-From
X-Adobe-Content
X-Signature
X-TX-ID
X-Adobe-Loc
X-B-Cache
Ms-Operation-Id
NGB
X-TT-TIMESTAMP
Country
Webserver
X-UUID
X-RTag
X-Storage
X-GeoIP
X-VG-WebCache
X-Tumblr-Pixel-2
X-Jobs
X-Drupal-Cache-Contexts
X-Redis-Cache
X-Tumblr-Pixel-1
X-FW-Dynamic
X-Content-Age
Cache-Tv-Group
Actual-Object-TTL
X-Varnish-Hits
Retry-After
X-Cacheable-TTL
CACHE
X-Locale
X-TA-CDN-Provider
Powered
GEO-INFO
ServedBy
X-XRDS-LOCATION
Liferay-Portal
Frame-Options
X-Contextid
HitType
X-Rendered-As
X-Seen-By
X-Oneagent-Js-Injection
X-Cache-TTL-Remaining
X-Guploader-Uploadid
X-WA-Info
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Varnish-IP
X-Via-JSL
X-Real-IP
X-GRACE
X-Wix-Server-Artifact-Id
X-ProcessESI
X-RemovedCookies
Eomportal-Instance
X-Upgrade-Enabled
X-Cache-NE
Viewport
S-Cnection
X-Time
X-BACKEND-TTL
Xserver
X-Cache-Server
X-Mode
X-Esi
OT-Force-Account-Verify
X-Cache-Operation
Content-Style-Type
Datacenter
Content-Script-Type
X-Path-Route
X-Is-Bot
X-Hl-Ver
X-From
X-Zipkin-Id
X-Proto
X-ES-SERVER
X-Proxied
X-Routing-Service
X-RN-RSRV
Load-Balancing
Meta-Geo
Cache-Key
Cache-Hits
X-Varnish-Cache-Hits
Mn-Server-Ip
X-Cache-Enabled
X-Detected-As
X-Cache-Var-Map
X-Cache-Var
X-Device-Type
Machine
NtCoent-Length
X-Cache-Config
X-Tb
X-FB-TRIP-ID
X-Akamai-Transformed
X-Environment-Context
Webcakes-App-Version
X-AWS-Id
Mail-Subject
Webcakes-Region
X-Proxy
TWC-GeoIP-Country
X-L-Path
X-LJ-Flow-ID
X-Hosted-By
X-VG-TLSProxy
X-Origin-Hint
L5d-Success-Class
Webcakes-App-Name
X-S
TWC-Locale-Group
We-Hiring
TWC-GeoIP-LatLong
Access-Control-Request-Headers
TWC-Device-Class
TWC-Connection-Speed
Property-Id
TWC-Privacy
X-Viewer-Country
NGX
X-VWS-Id
Vix-Hermes-Req-Id
Azure-Version
X-EIG-Tracking-Id
X-Birta-Cache-Post
X-Birta-Served
Azure-SlotName
X-Format
X-FW-Version
Azure-SiteName
X-FC-Vary-Parameters
Azure-RegionName
X-ServerID
X-Labrador-Cache-Channel
X-NWS-LOG-UUID
X-TNCMS
X-Backend-Name
Azure-InstanceId
X-Time-Microsecs
X-Section
X-Akamai-Request-ID
X-Origin-Response-Time
X-Loop
X-Access
Selected-FE
Origin-Cache-Control
Origin-Edge-Control
S-Rt
X-JoinUs
X-Web-Node
X-Xfnlog-Site
Cache-Tag
X-Via-Fastly
X-Vgn-Hpd-Reason
DB-Nickname
Now
X-Rocket-Nginx-Bypass
X-Tumblr-Pixel-3
X-RCS-CacheZone
X-NCache
X-BYPASS-REASON
X-Varnish-Cacheable
X-CCM
X-Trace-Id
X-Debug-Cache
X-Endurance-Cache-Level
X-Proxy-Build
X-ProxyCache-Key
X-Timing-Wait
X-ProxyCache-Status
X-Grey
X-Cache-Category-Id
X-Www-Served-By
X-Via-CDN
Uber-Trace-Id
X-OCL
X-Human
X-PCL
Decoy-Debug-Key
Decoy-Debug-Status
X-Newrelic-App-Data
X-Generated
X-Status
X-Site-Version
Decoy-Debug-TTL
X-MP-GENERATED-AT
Served-By
X-IP
X-R9-Blue-Green-Version
X-Internal-Host
X-VC-Cache
X-Cache-Remote
X-Rule
X-Dynatrace-Js-Agent
ViewerVersion
X-CDN-Cache
LB
X-Wix-Request-Id
X-EdgeConnect-Cache-Status
X-UnsetCookies
Release
AsisCache
X-UA
X-Cluster-Node
X-Origin-Host
Rt-Fastcgi-Cache
X-Sucuri-ID
X-Ua
Nel
X-NewRelic-App-Data
X-App-Name
X-PERF
X-ApacheServer
X-Source
X-Nginx-Cache
X-B3-Spanid
X-App-Version
X-TIME
X-Request-Time
X-Datadome
Pagespeed
X-Varnish-Ttl
User-Agent
X-Agile-Age
X-Agile-Id
X-Agile
X-OVcl-Cache
X-APP-VERSION
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Hit
X-OVcl
Cache-Name
X-Origin
X-VCT
X-Edge-Location
Warning
Hostname
X-Pubstack
X-Origin-CC
X-Origin-TTL
X-A-Ccd
X-Transaction
BehaviorPad-Version
DSUID
Arc-Country
X-A-Dam
X-Trv-Group
Ec-Rule-Version
X-Var-Ttl
X-Twitter-Response-Tags
X-Up
X-G
X-Date
X-D
X-Core-Value
Www
Thinkindot-CacheControl
X-A
On-Server
X-Cdn-Forward
X-CF-Lambda-Version
X-Cache-Expires
Ajk
X-Cache-Grace
X-Aed
Thinkindot-Control
X-Region-Sid
X-Cache-ASPX
X-B-Cookie
X-ARC
UCS
SRV
X-BB-ID
X-Debug-Cache-Expiry
Thinkindot-CacheControl-Type
X-A-Dcw
X-A-Dgt
X-Server-Group
Cross-Origin-Window-Policy
X-Connection-Hash
X-Application
X-A-Wwc
X-Accel-Expires-Debug
X-Cache-Info
X-CF-Lambda-Fn
X-SRCache-Key
X-Thinkindot-L3
X-Debug-Cache-Store
X-Rewrite-Enabled
X-S-Cookie
X-Generated-In
X-Instart-Isnd
X-Webstats-RespID
Request-EU
Request-Time
X-Destination
X-Secret
X-Developer
X-ScT
X-Platform
Request-Country
X-F5-Cache
MD5-Digest
Origin
X-DPWN-IS-SECURE
Memcached
X-Hp-Webp
Meta-Geo-Continent
Xc-Version
Rendered-Blocks
X-IN-WAF
X-IN-APIGATEWAY
X-Processor
Lfy
Fly-Request-Id
Node
Cache-Prefix
X-NX-Host
X-Logtrace-Id
X-Debug-Cookies
X-Varnish-Authentication
X-Rojux
Server-Surrogate-Control
X-Debug-Cache-Fetch
X-Gannett-Site-Version
X-Request-UUID
X-Edge-IP
X-PAYTM-SRV-ID
X-Debug-Log
X-NU-AKA-ACS-Version
X-NodeID
X-External-Request-Id
X-Matched-Rule
X-Mobile-URL
X-VG-WebServer
Fly-Cache
Server-Cache-Control
X-Varnish-Beresp-Status
X-Varnish-Beresp-Grace
X-Protected-By
User-Cache-Control
X-ElasticPress-Search
X-Cache-Backend
X-Request-URI
Proxy-Connection
RNT-Machine
True-Client-Country-4JS
Server-Host
RNT-Time
Server-Int
Pramga
X-Page-Type
X-Info
X-Dispatcher-Server
X-Policy
X-Irp-Debug
X-LAGOON
X-Li-Fabric
X-Developers
X-Device-Os
X-Proxy-Cache-Status
X-Distil-CS
X-Geo-Header
X-Qloud-Router
X-Epic-Correlation-Id
X-Hash
X-RateLimit-Limit-Second
X-Proxy-Upstream
X-Distributor
X-Li-Pop
X-LI-Proto
X-Cache-Id
X-CGP
X-Rebelmouse-Cache-Control
X-Cache-Host
X-Cache-Debug
X-Rebelmouse-Surrogate-Control
X-C
X-Crawler
X-RateLimit-Remaining-Second
X-No-Session
X-Nginx-Cache-Key
X-LI-UUID
X-Origin-Date
X-Origin-Expires
X-Eu-Site
X-PHP-Host
X-Reboot
X-SN
CDCHOST
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Servername
X-Refresh
X-Sedo-Request-Id
Fastly-Backend-Name
Country-Code
Backend
Apple-News-Services-Request-Url
X-Sucuri-Cache
X-ServiceProvider
X-Sf
X-SIPLIST1
X-Ocache
Apple-News-Services-Parsed-Url
Apple-News-Services-Host
Apple-News-Services-Handled
Fastly-SIE
X-Swa-Ws
X-TT-LOGID
HA-Ipaddr
Kp-EeAlive
X-Cache-Miss-From
X-Varnish-Url
X-WPE-Loopback-Upstream-Addr
Ha-Gx-Prefs
IsBot
Fastly-SWR
Cteonnt-Length
Cache
X-Ah-Environment
X-Core-Mission
X-Cache-FS-Status
X-Skip-Cache
X-Cache-Bucket
X-Thanos
X-Block-Status
X-Bip
X-Generated-On
X-Wikidot-Static-Cache
X-Location
ServerName
X-Gateway-Cache-Key
X-Cdn-Srv
X-BBXSRF
X-Sorting-Hat-ShopId
X-Gen-Mode
X-Fetched-On
X-Gateway-Cache-Status
X-Gateway-Skip-Cache
X-Variation
X-User
X-Cms-Context
X-Sorting-Hat-PodId
AKAMAI
X-S-Maxage
Heartbleed
X-Level-Front-Cache
X-Key
Fastly-Soc-X-Request-Id
FNAC-ModuleRouting
HTTPS
Is-Eu
Magicmarker
N-Cache
Pagetype
Platform
X-MSEdge-Features
X-MSEdge-Flight
Content-Disposition
X-Server-IP
X-Amzn-Remapped-Content-Length
X-Amzn-Remapped-Connection
X-Amzn-Remapped-Date
X-ShardId
X-Micro-Cache
X-ShopId
Adler-Geo
X-Amz-Meta-Cache-Control
X-GeoIP-Country-Code
X-Hnp-Log
Web-Mar-Node
X-GeoIP-City
X-Alternate-Cache-Key
X-Wikidot-Backend
X-Shopify-Stage
X-Real-Ip
X-FireWall-Port
SD-X-WS
X-Backend-State
X-Owner
X-Planisys-CDN-Cache
X-Planisys-CDN-Rules
Fastly-SSL
X-Server-Time
X-Planisys-CDN-TTL
X-Fastly-Cache
X-TrackingId
X-CACHE-KEY
X-Backend-Host
X-Auto-Login
X-Via-SSL
X-Via-Edge
X-Backend-Url
X-GZip
X-Varnish-Beresp-Ttl
X-Node-Id
Gh-Request-Id
Server-ID
X-RateLimit-Reset
MIME-Version
X-Org
X-Apm-App-Name
X-Apm-Svc-Key
X-NC
X-Sn-Servicetimems
V-Age
X-Cdn-Origin
X-Apm-Inst-Hash
Rt-Proxy-Cache
X-Geo
REQUESTUUID
Powered-By
X-Exp-Se
Viewtype
X-CUA
VivaBuild
X-Pjax-Url
X-ND-Cache
X-FPC
X-Load-Cache
Section-Io-Cache
Pragrma
HostName
X-CDN-Forward
X-Served-From
X-B3-Parentspanid
X-Nc
X-Dc
X-Passed-To
X-Returned-From-DLL
X-Original-Request
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Aicache-OS
X-Stale
X-Svr
X-Gdpr
X-Returned-From-PostProcessResponse
X-Returned-From-BeforeDispatch
X-Passed-To-BeforeDispatch
X-CSRF-TOKEN
X-Actual-URL
X-Returned-From
X-Server-By
X-Parent-Response-Time
X-VServer
Time
Memory
X-DC
X-HS-Cache-Config
X-Croise-Owner
Host-ID
Fastcgi-Useragent
X-Edge-Server
Cdn-Host
X-Servedbyhost
Cdn-Request-Time
X-Git-Hash
X-Wa
Wxu-Next-Commit
Wxu-Next-Region
Wxu-Next-Hostname
X-Unique-ID
PICS-Label
ProcessTime
Resin-Trace
X-Microcachable
CF-IPCountry
X-Oss-Hash-Crc64ecma
Mime-Version
X-Oss-Request-Id
X-Oss-Server-Time
X-Oss-Object-Type
X-Oss-Storage-Class
SID
X-Release
X-Host-Name
X-Tb-Optimization-Total-Bytes-Saved
X-V
X-Cache-HT
X-Optimization
X-Newrelic-Synthetics
AR-SID
X-ID
Cf-Ipcountry
X-From-Cache
Cdn
X-WebServer
X-Req
X-TH-Server
X-Daa-Tunnel
Odigeo-Trace-Id
X-Lb-Id
X-Phone
X-Varnish-Beresp-TTL
X-Instart-Info
X-Upstream-HT
X-HTML-Minification-Powered-By
X-Upstream-CT
X-Atg-Version
XServer
X-LB-ID
X-Fastly-Backend-Reqs
Proxy-Firewall
X-Fstrz
X-APP
Backend-Name
CF-Cached-On
X-Worker
X-Vcl-Version
X-Response-By
Processtime
X-WR-MODIFICATION
X-B3-SpanId
X-Ratelimit-Remaining
GMS-Ver
X-Backend-TTL
X-Ratelimit-Limit
Public-Key-Pins-Report-Only
X-Server-W
X-Zone
X-Nananana
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
WZWS-RAY
178proxuri
Xxline
X-Check-Cacheable
188prxHost
225prxHost
189phosttRef
286prxHost
352pxline
409pxxline
355prline
219prxHost
Version
X-GEO
Pics-Label
X-Vcache
Fastcgi-X-Cache-Version
X-IPS-LoggedIn
X-NGINX-Cache
X-WA
X-Ratelimit-Reset
Esi-Enabled
X-URL
X-Amz-Meta-Surrogate-Control
X-UPSTREAM-Address
X-HS-Status
Lb
X-Akamai-Request-ID2
X-We-Are-Hiring
SN
GW-Server
Accept-Language
X-ServedByHost
Countrycode
X-Contensis-Viewer-Groups
X-CSRF-Token
GeoIP-Country-Code
GeoIP-Latitude
GeoIP-City
X-VCL-Version
X-UE-Client-Country
X-Hyper-Cache
X-AssetVersion
X-Clientip
Mobile-Detection-Method
DataCenter
X-Fastly-Country-Code
Geoip-Latitude
SS
X-SERVER-NAME
X-Via-Ucdn
GeoIp-Country-Code
X-Dynatrace
Ohc-File-Size
X-SRV
Geoip-City
X-Render-Time
X-Request-Start
X-Vtex-Processado-Em
X-Microsite
X-Request-Handler-Origin-Region
X-Vtex-Remote-Cache
X-GDPR
X-BE
X-Be
X-RequestId
X-NWS-UUID-VERIFY
Serverid
WP-Super-Cache
X-GZIP
X-Urbn-Site-Id
URI
X-Via-NSCOPI
FSS-Proxy
X-CS
X-Urbn-Context-Path
FSS-Cache
X-HS-Combine-CSS
Locale
X-ZONE
X-LiteSpeed-Cache-Control
X-PF-Uncompressing
X-Unique-Id
X-Reqid
X-Hello
X-Gen-Id
CDN
X-Cdn-Cache
X-Fpc
X-PJAX-URL
X-Flog
X-ABtesting
X-HostName
FastCGI-Cache
Dynatrace
Amp-Access-Control-Allow-Source-Origin
X-FORWARDED-FOR
Ohc-Cache-HIT
X-Fastly-Cache-Hits
RequestUuid
X-Pf-Uncompressing
Cneonction
X-Generation-Time
IBM-Web2-Location
Dnion-Transfer-Encoding
X-Cache-Ttl
X-LiteSpeed-Tag
X-Test
X-Html-Edge-Cache
X-UCC
X-Store
X-Request-Url
Server-Id
Accept-Ch
A
X-Akamai-SSL-Client-Sid
Requestid
X-Dw-Trace-Id
RequestId
Who
Is-Session-Tracking
Ohc-Response-Time
Get-Access-Time
X-Port
X-Varnish-Action
X-Serial
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-HTML-Edge-Cache
X-EC-Lua